package com.kun.config;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

/**
 * @description: 多角色访问,过滤链使用自定义的过滤key
 * @author: KM 2018年5月9日 下午8:52:07
 */
public class ManyRolesAuthorizationFilter extends AuthorizationFilter {

	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
			throws Exception {
		Subject subject = getSubject(request, response);
		String[] rolesArray = (String[]) mappedValue;

		//没有角色限制，放行
		if (rolesArray == null || rolesArray.length == 0) {
			return true;
		}
		
		//若当前用户角色是rolesArray中的任何一个，则放行
		for (int i = 0; i < rolesArray.length; i++) {
			if (subject.hasRole(rolesArray[i])) {
				return true;
			}
		}
		return false;
	}
}